REMARKS

Claims 18 and 26 are amended. No new claims are added. Claims 1-31 are 
pending for consideration. In view of the following remarks, Applicant 
respectfully requests reconsideration and allowance of the subject application. 

Specification Objections

The Office objects to Applicant's use of trademarks in its specification. 
Applicant has amended the relevant paragraph and requests that this objection be 
withdrawn. 

Drawing Objections

The Office objects to Applicant's drawings because certain reference signs
are mentioned in the description but are not shown on the drawings. Applicant has
amended the relevant paragraph of the specification to remove all mention of the
specified reference signs (i.e., server operating system 22, Internet Information
Server 24, platform 26, and application(s) 30). In addition, Applicant has changed
the top and left margins of Fig. 2. Applicant requests that all drawing objections be
withdrawn.

§ 101 Rejections 

Claims 18-21 and 26-31 stand rejected under 35 U.S.C. § 101 as being 
directed to non-statutory subject matter. Applicant disagrees with the rejections 
and traverses the Office's rejections. 

The Patent Office has provided an "Examination Guideline for
Computer-Related Inventions" which is particularly instructive in considering
the above claim rejections. In this guideline, the Office discusses non-statutory
subject matter as such relates to computer-related inventions. Specifically, the
Office describes two types of descriptive material: functional and non-functional.

Functional descriptive material consists of data structures and computer 
programs which impart functionality when encoded on a computer-readable 
medium. Such data structures and programs are statutory when embodied on a 
computer-readable medium.

A "data structure" is defined, in the PTO's guidelines, as a "physical or
logical relationship among data elements, designed to support specific data
manipulation functions." (See footnote 27, citing to The New IEEE Standard
Dictionary of Electrical and Electronics Terms 308 (5th ed. 1993).)
Non-functional descriptive material, on the other hand, includes but is not
limited to music, literary works and a compilation or mere arrangement of data.

Claim 18 has been amended and now recites a Web server input string 
screening tool embodied on a computer-readable medium. Applicant submits 
that this claim is allowable and requests the Office to withdraw its § 101 rejection 
of this claim. 

Claims 19-21 depend from claim 18 and are allowable as depending from 
an allowable base claim. Applicant requests the Office to withdraw its § 101 
rejection of these claims, as well. 

As amended, claim 26 recites a collection of Web server screening patterns
embodied on a computer-readable medium comprising:

• a memory; and

• a plurality of attack patterns stored in the memory, the attack
patterns being useable to screen input strings that are intended for
use by a Web server, individual attack patterns being defined in a
manner that permits variability among their constituent parts.

The Office argues that the claimed collection of screening patterns is a data 
structure and non-functional. Applicant respectfully disagrees and traverses the 
Office's rejection. 

In this particular situation, it is perhaps instructive to consider the Federal 
Circuit case of In re Lowry, 32 F.3d 1579 (1994), where the Court addressed the 
issue of whether a data structure claim met the statutory requirements of § 101.
The independent claim that was at issue in that case is presented directly below for 
the convenience of the Office: 



1. A memory for storing data for access by an application
program being executed on a data processing system, comprising:

a data structure stored in said memory, said data structure including
information resident in a database used by said application program and
including:

a plurality of attribute data objects (ADOs) stored in said
memory, each of said attribute data objects containing different
information from said database;

a single holder attribute data object for each of said attribute
data objects, each of said holder attribute data objects being one of
said plurality of attribute data objects, a being-held relationship
existing between each attribute data object and its holder attribute
data object, and each of said attribute data objects having a
being-held relationship with only a single other attribute data object,
thereby establishing a hierarchy of said plurality of attribute data
objects;

a referent attribute data object for at least one of said attribute
data objects, said referent attribute data object being
nonhierarchically related to a holder attribute data object for the
same at least one of said attribute data objects and also being one of
said plurality of attribute data objects, attribute data objects for
which there exist only holder attribute data objects being called
element data objects, and attribute data objects for which there also
exist referent attribute data objects being called relation data objects;
and

an apex data object stored in said memory and having no
being-held relationship with any of said attribute data objects,
however, at least one of said attribute data objects having a
being-held relationship with said apex data object.



In this case, the Federal Circuit noted that Lowry's ADOs do not represent
merely underlying data in a database. The Court commented that the ADOs
contain both information used by application programs and information regarding
their physical interrelationships within a memory.

In the same way as Lowry's claims contained both information used by
application programs and information regarding the physical interrelationship of
the ADOs within a memory, claim 26 recites subject matter that contains both
information that is useable by software (i.e., "... attack patterns being useable to
screen input strings that are intended for use by a Web server ..."), as well as
information regarding the interrelationship of the data elements within a memory
(i.e., "... individual attack patterns being defined in a manner that permits
variability among their constituent parts."). Thus, as the claim in Lowry, this
claim defines functional characteristics of the computer-readable media.

In characterizing Lowry's claim, the Court noted that Lowry did not claim
merely the information content of a memory. In the Court's view, although
Lowry's data structures did include data resident in a database, the data structures
depended only functionally on information content. While the information content
affected the exact sequence of bits stored in accordance with Lowry's data
structures, the claims, in the Court's opinion, required specific electronic structural
elements which imparted a physical organization on the information stored in
memory. The physical organization embodied in the claimed subject matter is the
organization that is provided through an attack pattern's definition in a manner
that permits variability among its constituent parts. This variability leads to a
more flexible and robust attack pattern search by those systems that employ the
claimed attack patterns.

As noted by the Court, in Lowry's invention, the stored data existed as a
collection of bits having information about relationships between the ADOs. This
was deemed by the Court as the essence of electronic structure. Similarly, the
claimed subject matter exists as a collection of bits that have information about the
interrelationship of an attack pattern's constituent parts.

As the Court further noted, more than mere abstraction, the data structures
were specific electrical or magnetic structural elements in a memory. According
to Lowry, the data structures provided tangible benefits: data stored in accordance
with the claimed data structures were more easily accessed, stored, and erased.
The Court further observed that, unlike prior art data structures, Lowry's data
structures simultaneously represented complex data accurately and enabled
powerful nested operations. As the Court noted, in short, Lowry's data structures
were physical entities that provided increased efficiency in computer operation.
Hence, the Court found the recited data structure statutory under § 101.

In much the same way, claim 26 recites statutory subject matter that defines
specific elements in memory that provide tangible benefits: that of screening
input strings that are intended for use by a Web server in a flexible and robust
manner. To this end, Applicant's recited data structure is a physical entity that
provides increased efficiencies in screening input strings.

Accordingly, Applicant respectfully traverses the Office's rejection and
submits that claim 26 is allowable.
Claims 27-31 are allowable as depending from an allowable base claim.

35 U.S.C. §§ 102 and 103 Rejections

Claims 1-11 and 13-30 stand rejected under 35 U.S.C. § 102(a) as being
anticipated by U.S. Patent No. 5,884,033 to Duvall et al. (hereinafter, "Duvall").
Claims 12 and 31 stand rejected under 35 U.S.C. § 103(a) as being unpatentable
over Duvall in view of Oliver et al., "Building a Windows NT 4 Internet Server",
1996, p. 203.

The Duvall Reference 

The reference to Duvall discloses a client-based filtering system. The 
system allows a user to filter material received over the Internet that is personally 
objectionable, whether that material is sexually explicit, violent, politically 
extreme, or otherwise, depending on the user's individual tastes and sensitivities. 

The filter compares portions of incoming and/or outgoing messages to 
filtering information in a filter database and determines whether to block or allow 
incoming and/or outgoing transmissions of messages in response to the 
comparison. In response to a match between the portion of the message and the 
filtering information, the system can employ one of a number of different
specified blocking options. The system has an update server that is accessible over 
the Internet and that has new filtering information for updating the filter database. 

Claims 1-6 

Claim 1 recites a Web server input string screening method comprising 
[emphasis added]: 
• determining an attack pattern that can be used to attack a Web
server;

• defining a search pattern that can be used to detect the attack
pattern, the search pattern being defined in a manner that permits
variability among its constituent parts;

• receiving an input string that is intended for use by a Web server;

• evaluating the input string using the search pattern to ascertain
whether the attack pattern is present; and

• implementing a remedial action if an attack pattern is found that
matches the search pattern.



In the Office Action, the Office rejects this claim under 35 U.S.C. § 102
and argues that Duvall anticipates the claimed subject matter. Specifically, the
Office argues that Duvall "defines a plurality of unwanted input strings to be
filtered (see column 3, line 64 to column 4, line 11), a search pattern that permits
variability, can search a portion of the string, and has wildcard characters (see
column 6, lines 28-42), receives an input string on a web server (see column 8,
lines 18-27), evaluates the strings, and takes remedial action if necessary,
including denying the request (see column 6, line 60 to column 7, line 13)."

Applicant submits that Duvall does not anticipate this claim and
respectfully traverses the rejection. According to MPEP § 706.02, "for
anticipation under 35 U.S.C. 102, the reference must teach every aspect of the
claimed invention either explicitly or impliedly. Any feature not directly taught
must be inherently present."

The first element of claim 1 recites "determining an attack pattern that can
be used to attack a web server." Duvall does not disclose this; and, in fact, the
Office does not even cite Duvall for this feature. Furthermore, Duvall does not
even remotely suggest determining an attack pattern that can be used to attack a
Web server. Duvall's disclosure actually has absolutely nothing to do with Web
server attacks. Instead, Duvall's disclosure deals with a system in which a user can
filter material received over the Internet that is personally objectionable, whether
that material is sexually explicit, violent, politically extreme, or otherwise,
depending on that user's individual tastes and sensitivities. This is very different
from and not to be confused with determining an attack pattern that can be used to
attack a Web server. Accordingly, for at least these reasons, this claim is
allowable.

Claims 2-6 depend either directly or indirectly from claim 1 and are 
allowable as depending from an allowable base claim. These claims are also
allowable for their own recited features which, in combination with those recited 
in claim 1, are neither disclosed nor taught by the references of record, either 
singly or in combination with one another. 

Claims 7-12 

Claim 7 recites a Web server input string screening method comprising 
[emphasis added]: 

• defining one or more search patterns that comprise literal characters 
and special characters, wherein the literal characters indicate exact 
characters in an input string that is intended for receipt by a Web 
server, and the special characters indicate variable characters in an 
input string that is intended for receipt by the Web server, the search 
patterns being usable to search for an attack pattern that can be used 
to attack the Web server; and

• storing the one or more search patterns in a memory location that is 
accessible to a screening tool for evaluating an input string that is 
intended for receipt by the Web server. 

In making out the rejection of this claim, the Office again argues that
Duvall anticipates this claim. Once more, Applicant respectfully submits that
Duvall does not anticipate this claim. As noted above, Duvall discloses nothing of
search patterns that are useable to search for an attack pattern that can be used to
attack a Web server. Moreover, Duvall does not even suggest any sort of method
whatsoever for dealing with attack patterns, let alone their use in connection with a
Web server. Accordingly, for at least these reasons, this claim is allowable.

Claims 8-12 depend from claim 7 and are allowable as depending from an 
allowable base claim. These claims are also allowable for their own recited 
features which, in combination with those recited in claim 7, are neither disclosed 
nor taught by the references of record, either singly or in combination with one 
another. 

In addition, with respect to claim 12, which is rejected in view of Oliver, 
that reference is not seen to add anything of significance given the allowability of 
this claim and the failure of Duvall to anticipate claim 7. 

Claims 13-17 

Claim 13 recites a Web server input string screening method comprising 
[emphasis added]: 

• defining one or more search patterns that are specified as a regular 
expression, the search patterns being usable to search for an attack 
pattern that can be used to attack the Web server; and 

• storing the one or more search patterns in a memory location 
that is accessible to a screening tool for evaluating an input 
string that is intended for receipt by the Web server. 

Again, the Office rejects this claim under § 102 by arguing that Duvall
discloses that "the search patterns may be stored in RAM." The Office cites to
column 4, lines 45-49, which are reproduced below:

The system then checks for and retrieves any filters that match the
particular IP address. The retrieved filters are checked to determine
if any require immediate action, i.e., if unconditional allowing or
blocking is required (steps 104, 106).

Applicant respectfully submits that Duvall neither discloses nor suggests 
the subject matter of this claim. Specifically, Duvall neither discloses nor suggests 
search patterns that are usable to search for attack patterns that can be used to 
attack a Web server. Accordingly, for at least these reasons, this claim is 
allowable. 

Claims 14-17 depend from claim 13 and are allowable as depending from 
an allowable base claim. These claims are also allowable for their own recited 
features which, in combination with those recited in claim 13, are neither disclosed 
nor taught by the references of record, either singly or in combination with one 
another. 



Claims 18-21 

As amended, claim 18 recites a Web server input string screening tool
embodied on a computer-readable medium comprising [emphasis added]:

• a pattern matching engine that is configured to receive an input
string that is intended for use by a Web server and evaluate the input
string to ascertain whether it likely constitutes an attack on the Web
server; and

• one or more patterns that are usable by the pattern matching engine
to evaluate the input string, the patterns being defined in a manner
that permits variability among the constituent parts of the one or
more patterns.

The Office rejects this claim, again citing Duvall. Applicant respectfully
traverses the rejection. Duvall neither discloses nor suggests a pattern matching
engine that is configured to evaluate an input string to ascertain whether it likely
constitutes an attack on a Web server. Accordingly, for at least these reasons, this
claim is allowable.

Claims 19-21 depend from claim 18 either directly or indirectly and are
allowable as depending from an allowable base claim. These claims are also 
allowable for their own recited features which, in combination with those recited 
in claim 18, are neither disclosed nor taught by the references of record, either 
singly or in combination with one another. 

Claims 22-25 

Claim 22 recites one or more computer readable media having
computer-readable instructions thereon which, when executed by a computer,
perform the following steps [emphasis added]:

• receiving an input string that is intended for use by a Web server;

• evaluating the input string using a search pattern to ascertain
whether the input string contains an attack pattern that can be used
to attack the Web server, the search pattern comprising literal
characters and special characters, wherein literal characters indicate
exact characters in the input string, and the special characters
indicate variable characters in the input string; and

• implementing a remedial action if an attack pattern is found that
matches the search pattern.

In making out the rejection of this claim, the Office again cites Duvall.
However, Duvall does not disclose or suggest the act of evaluating an input string
using a search pattern to ascertain whether the input string contains an attack
pattern that can be used to attack a Web server. Because Duvall does not teach or
suggest such an evaluation, it cannot possibly disclose implementing a remedial
action if an attack pattern is found that matches the search pattern. Accordingly,
for at least these reasons, this claim is allowable.

Claims 23-25 depend either directly or indirectly from claim 22 and are
allowable as depending from an allowable base claim. These claims are also
allowable for their own recited features which, in combination with those recited
in claim 22, are neither disclosed nor taught by the references of record, either
singly or in combination with one another.



Claims 26-31 

As amended, claim 26 recites a collection of Web server screening patterns
embodied on a computer-readable medium comprising:

• a memory; and

• a plurality of attack patterns stored in the memory, the attack
patterns being useable to screen input strings that are intended for
use by a Web server, individual attack patterns being defined in a
manner that permits variability among their constituent parts.

Again, the Office rejects the claim under § 102 by arguing that
Duvall discloses that "the search patterns may be stored in RAM." The
Office cites to column 4, lines 45-49, which was reproduced earlier.

This claim has been amended to clarify that the patterns referred to are
attack patterns. As discussed earlier, Duvall does not disclose attack patterns.
Therefore, Duvall cannot possibly teach a plurality of attack patterns stored in
memory. Accordingly, for at least these reasons, this claim is allowable.

Claims 27-31 depend from claim 26 and are allowable as depending from
an allowable base claim. These claims are also allowable for their own recited
features which, in combination with those recited in claim 26, are neither disclosed
nor taught by the references of record, either singly or in combination with one
another.

In addition, with respect to claim 31, which is rejected in view of Oliver, 
that reference is not seen to add anything of significance given the allowability of 
this claim. 

Conclusion 

All of the claims are in condition for allowance and Applicant respectfully 
requests a Notice of Allowability be issued forthwith. If the next anticipated 
action is to be anything other than issuance of a Notice of Allowability, Applicant 
respectfully requests a telephone call for the purpose of scheduling an interview. 

Respectfully Submitted, 



Dated: II H OS By>-^ 

ce R. Sadler 
Reg. No. 38,605 
(509) 324-9256 